hermes-agent/optional-skills/security/web-pentest/templates/authorization.md
Teknium 263e008d6b
feat(skills): add web-pentest optional skill (#32265)
Adds optional-skills/security/web-pentest/ — an authorized web app
penetration testing skill adapted from Shannon's methodology (concepts
only; AGPL-clean fresh implementation).

Phased: recon (read-only) → vuln analysis (delegate_task per OWASP
class) → proof-based exploitation → report.

Guardrails baked in:
- Authorization gate before first active scan (templates/authorization.md)
- Scope allowlist (scope.txt) consulted by recon-scan.sh and
  documented as the rule for every active request
- Aux-client leakage warning (compression + title gen replay history;
  payloads/creds must not enter chat verbatim)
- Bypass-exhaustion discipline before false-positive classification
- L3/L4 (proof-required) for reportable findings; L1/L2 listed as
  candidates only

Closes #400. Supersedes #21845 (plugin-shaped proposal; skill-shaped is
cheaper and matches the existing optional-skills/security/ pattern).
2026-05-25 14:51:41 -07:00


Engagement Authorization

Fill out before any active testing. Save to engagement/authorization.md.


Engagement ID:
Operator:
Date opened: <ISO 8601 timestamp>
Engagement window: through

Target

  • Primary URL(s):
    • https://...
  • Primary IP(s):
    • X.X.X.X
  • Hostnames covered:
    • host.example.com
    • api.host.example.com
  • Networks covered (CIDR):
    • 10.0.0.0/24 (internal lab)

Authorization Basis

(Pick one — record evidence in writing for anything but ownership.)

  • Operator owns the application and infrastructure being tested.
  • Written authorization from <name, role, organization, date>. Document stored at: .
  • Hermes Agent dashboard, running on this same workstation, used as a self-test target. Operator confirms no other user is connected to the dashboard instance during the engagement.

Out of Scope (must not be tested)

  • Production systems unless explicitly listed above
  • Third-party APIs / SaaS the application calls into
  • Other tenants if the target is multi-tenant
  • Cloud metadata endpoints (169.254.169.254, etc.) unless explicitly included above
  • Destructive payloads (DROP, DELETE, file writes outside test directories) without per-payload approval
  • Active social engineering, phishing, physical security

Constraints

  • Rate limit: req/s per host. Default 5/s (200ms gap).
  • Hours: |
  • Notify-before for: e.g. "any payload that writes data," "any traffic that touches the auth endpoint after 10pm local"
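The Target allowlist, the Out-of-Scope rule on cloud metadata endpoints, and the default 5 req/s (200 ms gap) constraint above can be enforced mechanically before every active request. The following is an added example written for this template, not code from the hermes-agent skill; the `SCOPE` entries are constructed from the placeholder values above, and hostnames are matched exactly (no wildcard subdomains), which is the conservative reading of "Hostnames covered".

```python
# Added example (not part of the hermes-agent skill): a scope gate that turns the
# Target / Out of Scope sections into an allow-or-deny decision for each active
# request, plus the default 200 ms per-host gap from the Constraints section.
import ipaddress
import time
from urllib.parse import urlsplit

# Constructed sample scope mirroring the template's placeholder entries.
SCOPE = {
    "hosts": {"host.example.com", "api.host.example.com"},
    "networks": [ipaddress.ip_network("10.0.0.0/24")],
}
# Cloud metadata endpoints are out of scope unless explicitly listed (template rule).
METADATA_BLOCK = [ipaddress.ip_network("169.254.169.254/32")]


def in_scope(url, scope=SCOPE):
    """True only if the URL host is an allowlisted hostname or an IP inside an
    allowlisted CIDR, and never a metadata endpoint. Anything unparseable is denied."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Hostnames: exact, case-insensitive match against the covered list.
        return host.lower() in scope["hosts"]
    if any(ip in net for net in METADATA_BLOCK):
        return False
    return any(ip in net for net in scope["networks"])


class RateGate:
    """Enforce the per-host request gap (default 200 ms, i.e. 5 req/s)."""

    def __init__(self, gap_s=0.2):
        self.gap_s = gap_s
        self._last = {}  # host -> monotonic time of the last permitted request

    def wait(self, host, now=None):
        """Block until gap_s has elapsed since the last request to host.
        `now` may be supplied for deterministic testing; returns seconds slept."""
        now = time.monotonic() if now is None else now
        delay = max(0.0, self._last.get(host, -self.gap_s) + self.gap_s - now)
        if delay:
            time.sleep(delay)
        self._last[host] = now + delay
        return delay
```

Call `in_scope()` and `RateGate.wait()` immediately before issuing any active request; a `False` from `in_scope()` should abort the request and be logged against the engagement record.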

Acknowledgement

By approving this engagement, the operator confirms:

  1. The targets listed above are authorized for active testing by the listed authorization basis.
  2. Testing may produce HTTP 4xx/5xx responses, log noise, alert notifications, and rate-limit triggers in monitoring systems.
  3. The operator is responsible for any consequences of testing targets that are NOT correctly authorized.
  4. The operator will revoke authorization (by stopping the agent) if the scope changes, the time window ends, or any unexpected off-scope behavior is observed.

Operator signature (typed name): ________________ Confirmed at: <ISO 8601 timestamp>